Windows XP gets first post-EOL security patch

Microsoft has broken its promise to cease support of Windows XP with the release of a critical security update, despite the platform having reached official EOL on the 8th of April.

Microsoft has released an out-of-band emergency patch for a critical security hole in its Internet Explorer web browser, and in doing so set an awkward precedent by releasing it for the officially end-of-life Windows XP operating system.

The zero-day exploit in Internet Explorer was one of the most serious bugs to hit Microsoft's software in recent times. Announced late last month, the flaw allowed attackers to run arbitrary code whenever the browser hit a malicious site. Microsoft admitted that the vulnerability was the focus of targeted attacks, and pledged to investigate and patch the hole as quickly as possible for most users.

That latter proviso comes due to the status of Windows XP, which after an unusually lengthy support period - extended several times past its original schedule thanks to poor corporate adoption of its successors - entered End Of Life (EOL) status on the 8th of April. The Internet Explorer flaw, then, represented the first serious security vulnerability that would not be patched in Windows XP - at least, unless you're one of the company's well-heeled enterprise customers paying a considerable fee for an extended support contract.

With just shy of 30 per cent of web users still running XP, that left a considerable chunk of targets vulnerable to attack. Interestingly, Microsoft has chosen to protect said users with an out-of-band patch for the operating system - despite warning time and again that there would be no more updates for non-paying customers after the 8th of April.

'We have made the decision to issue a security update for Windows XP users,' admitted Microsoft's Dustin Childs in a brief announcement on the matter. 'Windows XP is no longer supported by Microsoft, and we continue to encourage customers to migrate to a modern operating system, such as Windows 7 or 8.1. Additionally, customers are encouraged to upgrade to the latest version of Internet Explorer, IE 11.'

While Microsoft continues to attempt to push XP users into upgrading, the release of the patch following the platform's official EOL date sends an extremely mixed message - although it's hard to see something which protects a big chunk of the internet's users from attack as a negative. It does mean, however, that all eyes will be on Microsoft the next time a critical flaw covering Windows XP is found, to see if it decides to make yet another one-off exception for the OS that just won't die.

26 Comments

Or maybe they realized that having roughly a third of the computers out there get infected while running your OS while you did nothing to help them was going to look really really bad.

Like congressional hearings bad.

Satya Nadella didn't want to follow Mary Barra up to Capitol Hill to explain why his company stood by and did nothing while millions of people got their identities stolen and their computers hacked by a problem that MS knew about.

Originally Posted by Cthippo
Or maybe they realized that having roughly a third of the computers out there get infected while running your OS while you did nothing to help them was going to look really really bad.

Like congressional hearings bad.

Satya Nadella didn't want to follow Mary Barra up to Capitol Hill to explain why his company stood by and did nothing while millions of people got their identities stolen and their computers hacked by a problem that MS knew about.

Wasn't GM at fault because they didn't tell anyone? MS told everyone XP support would end, we've been warned for ages. If someone decides to use an unsupported product then it's their own fault if something goes wrong. Otherwise they'll be supporting XP forever.

XP is currently the equivalent of an old banged up rusty heap o' crap found at a scrapyard that isn't road worthy but that just happens to run. Regardless of previous faults, if it shouldn't be on the road then it's your own problem.

Originally Posted by loftie
XP is currently the equivalent of an old banged up rusty heap o' crap found at a scrapyard that isn't road worthy but that just happens to run. Regardless of previous faults, if it shouldn't be on the road then it's your own problem.

^THIS^
You can't go blaming the manufacturer if you decide to buy a car without airbags, just as you can't blame the manufacturer if you can't buy a new set of brakes for a car they stopped making 12 years ago.

Quote:

Originally Posted by rollo
Do the general public even know windows xp support has ended not seen it posted in most of the bigger computer shops. None of the smaller ones around where I live have mentioned it

They do if they had auto update switched on (default) as they got an update that showed pop ups in the notification area telling them that support was coming to an end.

XP is currently the equivalent of an old banged up rusty heap o' crap found at a scrapyard that isn't road worthy but that just happens to run. Regardless of previous faults, if it shouldn't be on the road then it's your own problem.

Originally Posted by Cthippo
Or maybe they realized that having roughly a third of the computers out there get infected while running your OS while you did nothing to help them was going to look really really bad.

This, really.
If it affects Windows and\or IE, it affects the image of all Windows and IEs.

If it was the same or very similar lines of code in XP (or just an easy fix), then M$ might as well just patch XP too. Good press for little or no work.

Also, I bet a lot of exploits have been held back, hoping to catch tons of users unprotected after the end of the support period. M$ can either continue to patch super critical flaws or just hope that attackers run ransomware or some other computer disabling code, thus forcing most users to give up and buy a new computer (with windows 8!).

Originally Posted by play_boy_2000
M$ can either continue to patch super critical flaws or just hope that attackers run ransomware or some other computer disabling code, thus forcing most users to give up and buy a new computer (with windows 8!).

They haven't needed an end to support for this to happen, ransomware isn't something new that will appear, it exists already. Most users will generally swear at the computer, stamp their feet, and see how much it costs to get it repaired.

Again though, it's not Microsoft's fault if someone chooses to run IAMNOTAVIRUSHONEST.exe. Unfortunately the general population lacks common sense and this transfers to their use of computers too. For all its faults, I like XP, but it needs to be retired.

I hope xp doesn't die for a long time just to give Microsoft grief. Other than w98 se, xp and w7 everything else in the last decade or so has been at least half garbage, Vista, ME, W8...to name a few. Maybe they will start to clue in that we want well working stable(ish) OS's that don't need three or four service packs/ revisions juice to be livable. And for the love of god, just give keep a simple option for classic style desktop and start menu, then have a different mode/ view/ tile style option.

Sorry Microsoft, as hard as you try you're never going to be the Apple in the consumer's eye...
Bad Microsoft... stop screwing around already.

Originally Posted by Kruelnesws
I'm on w7 and intend to stay there until w9 sp1 or later.

I hope xp doesn't die for a long time just to give Microsoft grief. Other than w98 se, xp and w7 everything else in the last decade or so has been at least half garbage, Vista, ME, W8...to name a few. Maybe they will start to clue in that we want well working stable(ish) OS's that don't need three or four service packs/ revisions juice to be livable. And for the love of god, just give keep a simple option for classic style desktop and start menu, then have a different mode/ view/ tile style option.

Sorry Microsoft, as hard as you try you're never going to be the Apple in the consumer's eye...
Bad Microsoft... stop screwing around already.

Your statement is so much fail. So you expect Microsoft to create an OS that is bug-free and perfectly secure against all viruses and Trojans past, present and future, and will run on all hardware past, present and future, without any patches or updates. Unrealistic much?

Seriously, even OSX is on its, what, eighth iteration? And Linux is on ten.

Originally Posted by impar
If it affects Windows and\or IE, it affects the image of all Windows and IEs.

I think it says more about the type of people using computers nowadays.
There was a time computers were only used by geeks that knew what owning a computer involved and the reason to keep software updated.

Just like there was a time that owning a car meant you had to know where to put the water and oil, and what that funny light on the dashboard meant. Now we just take our car to a mechanic when it stops working.

Nexxo I do see what you are saying. I don't expect a perfect system, that is impossible. Just not something that is obviously riddled with so many not so little, obvious, issues. It seems that Microsoft hurries to release an OS that is closer to a Beta than consumer ready product, i.e. Vista. I wish they took a little more time and had a little bit more polish. Kind of how some game developers launch knowingly bug ridden games and still pushed out the door to meet the deadline... then scrambling to make it not sh!++y.

- oops we released another brutal OS, quick try to patch the gaping hole with a bandaid and we will just call it something else

Originally Posted by Kruelnesws
Nexxo I do see what you are saying. I don't expect a perfect system, that is impossible. Just not something that is obviously riddled with so many not so little, obvious, issues. It seems that Microsoft hurries to release an OS that is closer to a Beta than consumer ready product, i.e. Vista. I wish they took a little more time and had a little bit more polish. Kind of how some game developers launch knowingly bug ridden games and still pushed out the door to meet the deadline... then scrambling to make it not sh!++y.

- oops we released another brutal OS, quick try to patch the gaping hole with a bandaid and we will just call it something else

There actually is a mathematical formula that predicts the number of bugs that will be in a program depending on its size and complexity. Turns out humans are consistently fallible.

I don't know how old you are, and therefore if you ever used a PC in the MS-DOS days in a meaningful way. But I start to long for those days. The OS was much simpler then, and incredibly compact and almost free of bugs and vulnerabilities. And only a serious computer geek could use them, because there was no plug and play, no automatic driver setup, no memory management to speak of. Hell, there wasn't even a standard for soundcards, joysticks or CD-ROMs. Windows has made PCs almost idiot-proof simple, and it will run on practically any PC, in any of millions of configurations and combinations of dodgy cheap Taiwanese knock-off hardware. It is, frankly, a programming tour de force. I'm amazed it works at all.

Quote:

Originally Posted by impar
Greetings!

Was Samsung selling Galaxies and Notes back then?

It was selling stuff with a 15% failure rate. Good thing people don't remember those days, eh?

Nexxo. I am fond of the days with green screen floppy computers from Macintosh and IBM, our 486 dx2 66 and playing skyroads. It is an amazing amount of complexity with an almost infinite combination of hardware set ups. Due to the sheer size and complexity of an OS there's always many flaws that can never be found until it gets real world use. It seems that MS is more willing to release a shiny new OS with a huge amount of likely known issues. I can understand why people are reluctant to leave something that is stable and working well to go play "beta tester" per se.

There is no other way to know the issues than to subject the OS to real world conditions, where multiple creative minds will hack it for years trying to find vulnerabilities. If you want only a 100% secure OS to be released, you'll wait forever.

Keep in mind that OSX and Linux are just as vulnerable. But they are not as widely used, hence not as widely targeted. Microsoft is held to a higher standard.

Originally Posted by Nexxo
There is no other way to know the issues than to subject the OS to real world conditions, where multiple creative minds will hack it for years trying to find vulnerabilities. If you want only a 100% secure OS to be released, you'll wait forever.

Keep in mind that OSX and Linux are just as vulnerable. But they are not as widely used, hence not as widely targeted. Microsoft is held to a higher standard.

That's why IMHO it's better to wait and let others be the early adopters.
Microsoft isn't held to higher standards, they just have a higher profile.

Originally Posted by Nexxo
I don't know how old you are, and therefore if you ever used a PC in the MS-DOS days in a meaningful way. But I start to long for those days. The OS was much simpler then, and incredibly compact and almost free of bugs and vulnerabilities.

Say what? <cough>MS-DOS 4</cough>
